Configuring Citrix XenDesktop 7.6 and NetScaler Gateway 10.5 with PIV Smart Card Authentication

Size: px
Start display at page:

Download "Configuring Citrix XenDesktop 7.6 and NetScaler Gateway 10.5 with PIV Smart Card Authentication"

Transcription

1 Configuring Citrix XenDesktop 7.6 and NetScaler Gateway 10.5 with PIV Smart Card Authentication This guide is intended for those who are deploying smart cards with Citrix products. It provides stepby-step instructions for deployment in United States federal environments. Carel Grove Citrix Authentication Platforms Group

2 Table of Contents Introduction... 1 How this guide is organized... 1 Future editions: What is not in this first edition... 1 Test environment... 2 Objectives... 2 Constraints... 3 Assumptions... 3 Section 1 Configuration Steps (on every machine in the test environment)... 4 Your Organization s Root Certification Authority... 5 Test environment assumptions... 5 Prerequisites... 5 Configuration Steps... 5 Your Organization s Issuing Certificate Authority... 6 Test environment assumptions... 6 Prerequisites... 6 Configuration Steps... 6 Domain Controller Test environment assumptions Prerequisites Configuration Steps User Account Settings Map AD user account to the PIV authentication certificate PKI certificate configuration Virtual Delivery Agent (VDA) Test environment assumptions Prerequisites Configuration Steps Delivery Controller Test environment assumptions Prerequisites Configuration Steps StoreFront Test environment assumptions citrix.com

3 Prerequisites Configuration Steps Configure StoreFront NetScaler Gateway Test Environment assumptions Configuration Steps Hardware security module (HSM) configuration and FIPS key generation Certificate configuration LDAP server configuration NetScaler Gateway virtual server configuration for fed-nsg NetScaler Gateway virtual server configuration for fed-callback Windows 7 (64 bit) Domain-Joined External Endpoint Test environment assumptions Prerequisites Configuration Steps Section 2 Smart Card Single Sign-on Introduction PIN Prompt Origin No reduction (four PIN prompts) Smart card Single Sign-on state A Resultant smart card Single Sign-On behavior A First reduction (three PIN prompts) Smart card Single Sign-on state B (three PIN prompts) Resultant smart card Single Sign-on behavior B Second reduction (two PIN prompts) Smart card Single Sign-on state C (two PIN prompts) Resultant smart card Single Sign-on behavior C Third reduction (one PIN prompt) Smart card Single Sign-on state D (one PIN prompt) Resultant smart card Single Sign-on behavior D Appendices Appendix A: NIST PIV Test Card Certificates, Keys and Chain of Trust Appendix B: Obtaining CA Certificates from Root and Issuing Certificate Authorities citrix.com

4 Appendix C: Manually validate the CA Chain of Trust From a Leaf Certificate to its Corresponding Root Certificate Appendix D: Publishing Certificates to Active Directory Containers Appendix E: Install ActivClient on Windows 7 x Appendix F: How NetScaler Gateway Certificate and LDAP Authentication Policies Map to an Active Directory User Account Last updated 10 April, 2015 Citrix Citrix Systems, Inc. All Rights Reserved citrix.com

5 Introduction This guide describes how to configure a test environment from beginning to end. How this guide is organized The test environment consists of the essential components that constitute a typical Citrix deployment (XenDesktop, Delivery Controller, StoreFront, and virtual desktops accessed via NetScaler Gateway). Each Citrix component is deployed on a dedicated machine. Supporting infrastructure (such as the domain controller and certificate authorities) is also on dedicated machines. The guide describes how to configure each machine, step by step, in chronological order, starting with the root certificate authority and ending with the endpoint. This way, when working on any given configuration step, the reader is assured that all tasks that predicate each configuration step have been completed. There are a few exceptions to this where jumps are necessary. Those are clearly indicated and crossreferenced. Additionally, many notes are included to provide contextual background, and there are also appendices that provide additional in-depth insight. Future editions: What is not in this first edition Topics that are not included in the first edition of the guide: Multi-domain and multi-forest Active Directory environments Non UPN-based smart card certificate to Active Directory account mapping (such as Alternate Security Identity) XenApp coverage Double-hop from the Virtual Delivery Agent to XenApp Additional smart card middleware (only ActivClient is covered in this edition) Additional endpoint coverage (such as Linux, thin clients, Windows 8.1/10, Mac OS X, ios, Android, nondomain-joined Windows, etc.) Information on nonauthentication operations with smart cards (such as S/MIME) PKCS#11 configuration (to use smart cards with browsers such as Firefox) Notes on how CAC and SIPR diverge from PIV, where appropriate citrix.com 1

6 Test environment The test environment can be represented as follows: Browser Domain Controller Root Certificate Authority Issuing Certificate Authority Internet Explorer 11 on Windows 7 SP1 Windows Server 2008 R2 Windows Server 2008 R2 Windows Server 2012 R2 NetScaler Gateway Receiver 10.5 StoreFront Delivery Controller VDA 4.2 on Windows 7 SP1 2.6 on Windows Server 2012 R2 7.6 on Windows Server 2012 R2 7.6 on Windows 7 SP1 Objectives A guide dispensing smart card configuration advice should be: Self-contained: Detailed configuration steps for every product hence step-by-step instructions for installing and configuring products and areas that are not specifically related to smart card authentication, such as installing and configuring the Delivery Controller). Explicitly tested: The documentation itself must be tested. Fool-proof: Cautions against obvious mistakes. It was determined that both military and civilian domains should not be covered in a single document; therefore, CAC cards and SIPR tokens are not discussed. In order to achieve the above objectives, we have to pin down a specific environment. Because there are so many possible variations in a federal environment configuration, a model environment could be tricky to pin down. For example, there could be dozens of different types of endpoints alone. The priority for the first edition was not to cover as many topics or platforms as possible but to ensure that the topics that are covered the essential components of a Citrix deployment are covered in detail and are technically accurate. The topics were researched, and the environment was configured, tested, verified, and finally, documented. When blocking issues were discovered, workarounds were also researched, tested, and documented. citrix.com 2

7 Constraints Some components can be deployed in different ways (or using different methods), depending on the scale of the deployment. For example, the Delivery Controller could use a stand-alone dedicated database server in the case of a large deployment. In a small deployment, SQL Server Express can be installed on the Delivery Controller as part of the Delivery Controller installation to perform the same function. In the test environment, small-scale methods are used. This way, it is complete and self-contained without requiring vast preparation sections. Some notable examples: installing Receiver manually, not using Machine Creation Services (MCS) to provision Virtual Delivery Agents (VDA), not configuring High Availability (HA) on the NetScaler Gateway, and so on. Assumptions The NIST PIV Test Card #1 is the smart card used throughout. Every Windows machine has a server certificate in its personal certificate store, and the machine has access to the associated private key. Active Directory Group Policy settings are configured in the default domain policy. The default domain policy is linked at the domain level. citrix.com 3

8 Section 1 Configuration Steps (on every machine in the test environment) citrix.com 4

9 Your Organization s Root Certification Authority Test environment assumptions Operating system is Windows Server 2008 R2 Prerequisites Active Directory Certificate Services is installed and configured Configuration Steps Export root CA certificate to file To see how this step fits in the overall PKI Configuration process, see the diagram in Appendix D: Publishing Certificates to Active Directory Containers. 1. Open up an instance of the command prompt as an administrator and enter: certutil ca.cert <filename.cer> For example: certutil ca.cert Root_CA_F2-DC-CA.cer This should result in the output as follows: The file Root_CA_F2-DC-CA.cer will appear in the current directory. citrix.com 5

10 Your Organization s Issuing Certificate Authority Test environment assumptions Operating system is Windows Server 2012 R2 The issuing CA trusts the trust root CA IIS is installed and configured IIS port 443 bound to server certificate Active Directory Certificate Services is installed and configured, including web enrollment. Prerequisites The issuing certificate authority server trusts your organization s root certificate authority. In other words, a copy of the root CA certificate for your organization s root certificate authority is located in the issuing certificate authority s Local Computer Trusted Root Certification Authorities store. Configuration Steps Ensure the Key Distribution Center (KDC ) template is available to the issuing certificate authority 1. Start an instance of the Microsoft Management Console (MMC). From the File menu, choose Add/Remove Snap In. From the Available snap-ins list, select Certification Authority, and click Add. The Certification Authority dialog box will appear. Select the local computer as the computer you want the snap-in to manage. Click Finish, and then click OK. 2. Navigate to Certificate Templates: citrix.com 6

11 3. Right-click Certificate Templates. Select New and then Certificate Template to Issue. The Enable Certificate Templates dialog appears: 4. Select the Kerberos Authentication template, and click OK. The Kerberos Authentication template should now be listed under Certificate Templates on your issuing CA. The key purpose of this certificate template is KDC authentication: 5. Restart the CA service. citrix.com 7

12 Submit certificate signing requests (CSR) to your organization s issuing CA NOTE You cannot complete this step until you have generated the CSR files in section Create Certificate Signing Requests (CSR) for each SSL FIPS key of this guide. If you haven t generated the CSR files yet you can skip the rest of this section and continue with configuration of the Domain Controller. Have the CSR files you generated on the NetScaler Gateway device at hand: NOTE You might want to temporarily turn off IE Enhanced Security Configuration in the test environment: Server Manager > Local Server > IE Enhanced Security Configuration. Remember to turn it back on when this step is completed. 6. Start Internet Explorer and point to the following URL: https:<fqdn of your Organization s Issuing CA>/certsrv For example: https://a-ica1.f2.ctxs/certsrv/ NOTE If the page is not available, you need to ensure that IIS and the appropriate Active Directory Certificate Services (such as Certificate Enrollment Web Service) is installed in server roles on the issuing CA server. 7. If you are prompted for credentials, provide admin credentials. The following page will be displayed: citrix.com 8

13 8. Click Request a Certificate. The following page is displayed: 9. Click Advanced Certificate Request. The following page is displayed: 10. Click Submit a Certificate Request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file. The following page is displayed: 11. Use Notepad to open the first CSR file. (In this example, fed-nsg-csr): 12. Select all the text in the file and then copy and paste it into the Base-64-encoded certificate request field in the Saved Request section. citrix.com 9

14 13. Select Web Server in the Certificate Template section. 14. Click Submit. The following is displayed: 15. Click Yes. citrix.com 10

15 16. In the Certificate Issued section, change the encoding format to Base 64 encoded. 17. Click Download Certificate Chain. You will be prompted to open or save the file: 18. Select the drop-down arrow next to Save, and click Save As. It is useful to give the certificate a descriptive name. In this example, the certificate is saved as fed-nsgcert-chain: When the file is opened, it should contain three certificates: 19. Repeat the process for the remaining two CSRs: fed-callback-csr fed-sson-session-csr Before continuing, it is worth inspecting the certificates to ensure that you did not accidently select the wrong template or copy the text for the same CSR more than once: citrix.com 11

16 The Subject CN values are as expected: Public keys are all different: citrix.com 12

17 Certificate Template Name is WebServer for all three: NOTE If you temporarily turned off IE Enhanced Security Configuration in the test environment: Server Manager > Local Server > IE Enhanced Security Configuration, you should turn it back on now. 20. Export the certificates to individual files as follows: Once the files are exported, jump back to section Copy certificate files to NetScaler. citrix.com 13

18 Domain Controller Test environment assumptions Operating system is Windows Server 2008 R2 Prerequisites Enterprise PKI MMC snap-in is installed. The Domain Controller trusts your organization s root and intermediate certificate authorities. In other words, copies of the CA certificates for your organization s root and issuing certificate authorities are located in the Domain Controller s Local Computer Trusted Root Certification Authorities and Intermediate Certification Authorities stores, respectively. Configuration Steps Group policy settings There are a number of group policy settings to configure. The level that you link your group policy settings (local, site, domain, Organizational Unit) depends on your organizational requirements. NOTE The group policy settings will only become active on target machines once the group policy has refreshed. This is governed by the Group Policy Refresh Interval setting. FIPS Mode = On 1. Enable the following policy setting: Policy > Computer Configuration Policies > Windows Settings > Security Settings > Local Policies > Security: System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Add the Citrix icaclient administrative policy template (ADM) file Citrix provides a Microsoft group policy template file that enables central administration of certain Citrix Receiver configuration settings. Some of the Citrix Receiver settings that can be toggled through the icaclient ADM template govern Single Sign-on/PIN prompt behavior. The icaclient.adm template is copied to the following default location on the endpoint when Citrix Receiver is installed on a 64-bit Windows 7 endpoint: C:\Program Files (x86)\citrix\ica Client\Configuration NOTE Ensure that you are using the icaclient.adm template from the latest version of Citrix Receiver. citrix.com 14

19 Once you ve installed Citrix Receiver on an endpoint in section Install Citrix Receiver, you will be directed back to this section to complete this step. Until then, you can skip ahead to section Import smart card middleware Administrative Policy Template file (ADM) 1. In the group policy mmc-snap-in editor, right-click on Administrative Templates. Select Add/Remove Templates. The Add/Remove Templates dialog will be displayed: 2. Click Add. 3. Select the icaclient.adm file that you copied to the Domain Controller after installing Citrix Receiver in section Group policy ADM. Click Open. The Add/Remove Templates dialog box will be populated as follows: citrix.com 15

20 4. Click Close. 5. Ensure that the Citrix Receiver user authentication settings have been loaded into the Group Policy Editor: citrix.com 16

21 Import smart card middleware Administrative Policy Template file (ADM) Many smart card vendors provide a Microsoft group policy template file that enables central administration of certain middleware configuration settings (for example, some of these middleware settings govern the PIN caching mechanisms in the middleware). For ActivIdentity ActivClient 7.02, the procedure to add the Administrative Template is described in Chapter 2 of the ActivIdentity ActivClient for Windows Administration Guide: Locate the ActivClient.admx template files in the \Admin\Configuration folder on your ActivClient distribution and copy them to C:\Windows\PolicyDefinitions. and Locate the ActivClient.adml template files in the \Admin\Configuration\EN-US folder on your ActivClient distribution and copy them to C:\Windows\PolicyDefinitions\en-US. 1. Start an instance of the Microsoft Management Console. Add the Group Policy Management Editor snap-in. The Group Policy Wizard is spawned. Click Browse to select the Group Policy Object (GPO) to manage. Ensure that the GPO that you select governs the site, domain or OU that contains the machine accounts for computers where ActivClient is (or will be) installed (Windows endpoint and VDA). Click Finish. 2. The ActivClient configuration settings will be accessible from <Name of Policy> Policy > Computer Configuration > Policies > Administrative Templates > ActivIdentity. NOTE The policy deployed using the GPO linked at the site, domain or OU level overrides the same policy if that policy is set locally (for example, manually by a power user on an endpoint). Set PIV to take precedence 1. To prevent a local user or administrator from accidently turning off PIV and turning on CAC, navigate to <Name of Policy> Policy > Computer Configuration > Policies > Administrative Templates > ActivIdentity > ActivClient > Smart Card. Disable Turn on US Department of Defense configuration. If this setting is enabled, ActivClient will communicate with the smart card in GSC-IS mode. That mode is used to communicate with Department of Defense Common Access Cards (CAC). If this setting is disabled, ActivClient will communicate with the smart card in PIV mode. Smart card removal behavior policy setting in group policy 1. Navigate to <Name of Policy> Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. 2. Set the Interactive Logon: Smart card removal behavior policy to reflect the desired behavior in your organization. There are four options: No Action, Lock Workstation, Force Logoff, and Disconnect If a Remote Desktop Service Session. citrix.com 17

22 User Account Settings Map AD user account to the PIV authentication certificate Create alternate UPN 1. If it is not already running, start an instance of the Microsoft Management Console. Add the Active Directory domains and trusts snap-in. Right-click on Active Directory Domains and Trusts, click Properties. The Active Directory Domains and Trusts Properties dialog box is displayed. 2. In the Alternate UPN Suffixes textbox, enter upn.example.com, and click Add: 3. Click OK. citrix.com 18

23 upn.example.com is the suffix of the principal name in the Subject Alternate Name field of the PIV Authentication certificate on NIST PIV Test Card # 1: Create OU for PIV user accounts 1. If it is not already running, start an instance of the Microsoft Management Console. Add the Active Directory Users and Computers snap-in. 2. Right-click on the domain object, hover the cursor over New, and then select Organizational Unit. Name the new OU Smartcard Users. Click OK: citrix.com 19

24 Create user group 1. Right-click on the newly created Smartcard Users OU, hover the cursor over New, and click Group. Name the group G-Scope Smartcard Group. Note that the group scope is Global and the group type is Security: 2. Click OK. citrix.com 20

25 Create user account 1. Right-click on the Smartcard Users OU, hover the cursor over New, and click User. Fill out the New Object User dialog box as follows: Note that the user logon name matches principal name in the Subject Alternate Name field of the PIV Authentication Certificate on NIST PIV Test Card #1: citrix.com 21

26 2. Click Next. citrix.com 22

27 3. Provide a password, and click Next, and then click Finish. Add user to G-Scope Smartcard Group 1. Right-click on the NIST_PIV_01 PIV Authentication Cert user account, hover the cursor over All Tasks, and click Add to a group. Enter the following: 2. Click OK. Set smart card required for interactive logon 1. Right-click on the NIST_PIV_01 PIV Authentication Cert user account, and click Properties. Click on the Account tab. In the Account options section, deselect User must change password at next logon, and select Smart card is required for interactive logon: citrix.com 23

28 NOTE When you check the Smart card is required for interactive logon box, the operating system takes over user password management. It assigns a maximum-length password that is equivalent to 255 characters and ensures that it meets complexity requirements, effectively blocking the user from logging on to the network using a password. This can also be set via group policy. PKI certificate configuration Request KDC Certificate from your organization s issuing CA 1. Refer to steps 2 and 5 in Appendix D: Publishing Certificates in Active Directory for a graphical representation of the steps below. 2. Start an instance of the Microsoft Management Console (MMC). From the File menu, choose Add/Remove Snap In. From the Available snap-ins list, select Certificates, and click Add. The Certificates dialog box will appear. Select the local computer as the computer you want the snap-in to manage. Click Finish, and then click OK. 3. Navigate to Personal > Certificates. Right-click on Certificates, choose All Tasks, and click on Request New Certificate. The Certificate Enrollment wizard opens. Click Next. Select the appropriate Certificate Enrollment Policy. Click Next. citrix.com 24

29 4. Select Kerberos Authentication, and click Enroll. NOTE If Kerberos Authentication is not listed, you will need to adjust the enroll permissions in the Security tab of the Kerberos Authentication Certificate Template Properties using the Certificate Templates mmc snap-in on the issuing CA. The certificate is intended for the following purposes: citrix.com 25

30 Certificate file consolidation You should now have the following certificate files at hand: The NIST test PIV self-signed CA certificate: The NIST test PIV issuing CA certificates: NOTE Of the five NIST test PIV issuing certificates, the one that is relevant to the steps in the guide is RSA2048IssuingCACertificate.cer because it is in the PIV authentication certificate s trust chain. Your organization s exported RootCA certificate: Publish certificates to Active Directory certificate containers Using this method, the certificates are automatically propagated throughout. This way you do not have to manually install certificates in certificate stores on machines individually. 1. Refer to Appendix D: Publishing Certificates in Active Directory for a diagrammatic representation of the process that follows. NOTE You must run these commands using a user account with enterprise administrative privileges. Do not use an account that is a member of the domain admins group but not the enterprise admins group. citrix.com 26

31 2. Copy the certificate files to a directory. Run a command prompt. Change the prompt to that directory. Then run the following commands from the command prompt: Publish your organization s root CA certificate to Certification Authorities (RootCA) container (Refers to step 6 in Appendix D: Publishing Certificates in Active Directory) Syntax: certutil dspublish f <Your Organization s Root CA Certificate file>.cer Example: certutil dspublish f Root_CA_F2-DC-CA.cer Publish your organization s root CA certificate to NTAUTH certificates (NTAuth) container (Refers to step 7 in Appendix D: Publishing Certificates in Active Directory) Syntax: certutil dspublish f <Your Organization s Root CA Certificate file>.cer NTAuthCA Example: certutil dspublish f Root_CA_F2-DC-CA.cer NTAuthCA Publish the NIST test PIV root CA certificate to Certification Authorities (RootCA) container (Refers to step 8 in Appendix D: Publishing Certificates in Active Directory) Syntax: certutil dspublish f < NIST Test PIV Root CA Certificate file>.cer Example: certutil dspublish f Self-signedTrustAnchorCertificate.cer Publish the NIST test PIV issuing CA certificate to NTAUTH container (Refers to step 9 in Appendix D: Publishing Certificates in Active Directory) Syntax: certutil dspublish f < NIST Test PIV Issuing CA Certificate file>.cer NTAuthCA Example: certutil dspublish f RSA2048IssuingCACertificate.cer NTAuthCA Publish the NIST test PIV issuing CA certificate to AIA (SubCA) container (Refers to step 10 in Appendix D: Publishing Certificates in Active Directory) Syntax: certutil dspublish f < NIST Test PIV Issuing CA Certificate file>.cer subca Example: certutil dspublish f RSA2048IssuingCACertificate.cer subca citrix.com 27

32 Propagation does not occur until a group policy refresh. Manually force-refresh using the following command: Gpupdate /Force Enterprise PKI snap-in 1. To view the published certificates in the graphical user interface, you need the enterprise PKI snap-in. All of the relevant AD Containers can be viewed. However, it is not possible to add certificates to the AIA (subca) Container using the snap-in. NOTE If anything is showing as untrusted, refresh the group policy to ensure it propagates and is trusted. citrix.com 28

33 Virtual Delivery Agent (VDA) Test environment assumptions Operating system is 64 bit Windows 7 with Service Pack 1 Citrix Virtual Delivery Agent is The smart card middleware is 64-bit ActivClient Machine is domain-joined Prerequisites The VDA trusts your organization s root and intermediate certificate authorities. In other words, copies of the CA certificates for your organization s root and intermediate certificate authorities are located in the VDA s Local Computer Trusted Root Certification Authorities and Intermediate Certification Authorities stores, respectively. Configuration Steps Install middleware 1. Refer to Appendix E: Install ActivClient on Windows 7 x64 for detailed steps. NOTE Smart Card reader drivers are not required on the VDA. Install VDA for Windows Desktop OS 1. Perform the installation on the VDA machine console, not remotely via a remote desktop protocol such as RDP. 2. Insert the Citrix installation media, and run the AutoSelect.exe file: The XenApp and XenDesktop installer opens: citrix.com 29

34 3. Click Start for XenDesktop. Then click Virtual Delivery Agent for Windows Desktop OS: citrix.com 30

35 4. Select the Enable Remote PC Access option. citrix.com 31

36 NOTE For a production environment, you likely will want to use a master image. Refer to the Citrix Product Documentation site for more information about how to configure and use a master image: 5. For Core Components, install only the VDA. Do not install Citrix Receiver. citrix.com 32

37 NOTE Citrix Receiver is typically installed on the VDA in double-hop scenarios (when a user launches a XenApp session from within a XenDesktop session). If you intend to perform double-hop deployments with smart card Single Sign-on (Please note that double-hop deployments are outside the scope of the first edition of this guide): You must install Receiver on the VDA from the command line and add the /includesson command line switch or the Citrix Single Sign-on service component will not be installed when Receiver is installed. In addition, the build of Receiver that you want to use may not be the same Receiver build that ships with the VDA build (that is consumed by the VDA installation wizard). 6. Enter the FQDN of the Delivery Controller. For this example, it is a-ddc.f2.ctxs. NOTE There is no need to click Test connection if the Delivery Controller is not configured yet. (Which will be the case if you are following the steps in the guide sequentially.) Be absolutely sure the Controller address entered here is identical to the address you plan to use for the Delivery Controller later. 7. Click Next. citrix.com 33

38 8. Leave Features at default. citrix.com 34

39 9. Leave Firewall at default. citrix.com 35

40 A summary will be displayed: 10. Click Install. citrix.com 36

41 citrix.com 37

42 Delivery Controller Test environment assumptions Operating system is Windows Server 2012 R2. Citrix XenDesktop is version The Delivery Controller runs on a dedicated server (StoreFront is also installed on a separate dedicated server of its own.). No stand-alone database server is used. During Delivery Controller installation, SQL Server 2012 Express SP1 is automatically installed on and used by the Delivery Controller. Machine Management/Machine Creation Services (MCS) is not used. Microsoft Internet Information Services (IIS) is installed on the Delivery Controller, which possesses a server certificate with corresponding private key, and the server certificate is used to bind https to port 443 in IIS: Prerequisites Citrix License Server is up and running (configuring the License Server is outside the scope of this guide). The Delivery Controller trusts your organization s root and intermediate certificate authorities. In other words, copies of the CA certificates for your organization s root and issuing certificate authorities are located in the Delivery Controller s Local Computer Trusted Root Certification Authorities and Intermediate Certification Authorities stores, respectively. citrix.com 38

App Orchestration 2.5

App Orchestration 2.5 Configuring NetScaler 10.5 Load Balancing with StoreFront 2.5.2 and NetScaler Gateway for Prepared by: James Richards Last Updated: August 20, 2014 Contents Introduction... 3 Configure the NetScaler load

More information

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication is about security and user experience and balancing the two goals. This document describes the authentication

More information

How to Configure NetScaler Gateway 10.5 to use with StoreFront 2.6 and XenDesktop 7.6.

How to Configure NetScaler Gateway 10.5 to use with StoreFront 2.6 and XenDesktop 7.6. How to Configure NetScaler Gateway 10.5 to use with StoreFront 2.6 and XenDesktop 7.6. Introduction The purpose of this document is to record the steps required to configure a NetScaler Gateway for use

More information

App Orchestration 2.0

App Orchestration 2.0 App Orchestration 2.0 Configuring NetScaler Load Balancing and NetScaler Gateway for App Orchestration Prepared by: Christian Paez Version: 1.0 Last Updated: December 13, 2013 2013 Citrix Systems, Inc.

More information

Setting Up SSL on IIS6 for MEGA Advisor

Setting Up SSL on IIS6 for MEGA Advisor Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority

More information

The steps will take about 4 hours to fully execute, with only about 60 minutes of user intervention. Each of the steps is discussed below.

The steps will take about 4 hours to fully execute, with only about 60 minutes of user intervention. Each of the steps is discussed below. Setup Guide for the XenApp on AWS CloudFormation Template This document walks you through the steps of using the Citrix XenApp on AWS CloudFormation template (v 4.1.5) available here to create a fully

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0 SECO Whitepaper SuisseID Smart Card Logon Configuration Guide Prepared for SECO Publish Date 19.05.2010 Version V1.0 Prepared by Martin Sieber (Microsoft) Contributors Kunal Kodkani (Microsoft) Template

More information

App Orchestration 2.5

App Orchestration 2.5 App Orchestration 2.5 Configuring NetScaler 10.1 Load Balancing with StoreFront 2.5.2 and NetScaler Gateway for App Orchestration 2.5 Prepared by: Christian Paez Last Updated: August 11, 2014 Contents

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

XenDesktop 5 with Access Gateway

XenDesktop 5 with Access Gateway XenDesktop 5 with Access Gateway How to set up an Access Gateway Enterprise Edition VPX for use with XenDesktop 5 www.citrix.com Contents Introduction... 2 Example environment... 2 Set up the VPX VM...

More information

NSi Mobile Installation Guide. Version 6.2

NSi Mobile Installation Guide. Version 6.2 NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...

More information

XenDesktop Implementation Guide

XenDesktop Implementation Guide Consulting Solutions WHITE PAPER Citrix XenDesktop XenDesktop Implementation Guide Pooled Desktops (Local and Remote) www.citrix.com Contents Contents... 2 Overview... 4 Initial Architecture... 5 Installation

More information

Scenarios for Setting Up SSL Certificates for View

Scenarios for Setting Up SSL Certificates for View Scenarios for Setting Up SSL Certificates for View VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

Hands-on Lab Exercise Guide

Hands-on Lab Exercise Guide XenApp & XenDesktop 7.6 Partner Workshop Hands-on Lab Exercise Guide Worldwide Technical Enablement & Readiness January 2015 Contents Contents... 1 Overview... 2 Scenario... 5 Lab Setup... 6 Connecting

More information

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on... Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM This guide provides information on...... APNs Requirements Tips on Enrolling in the ios Developer Enterprise Program...

More information

Mobility Manager 9.0. Installation Guide

Mobility Manager 9.0. Installation Guide Mobility Manager 9.0 Installation Guide LANDESK MOBILITY MANAGER Copyright 2002-2012, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or

More information

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:

More information

Secure IIS Web Server with SSL

Secure IIS Web Server with SSL Secure IIS Web Server with SSL EventTracker v7.x Publication Date: Sep 30, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is to help

More information

Administration Guide ActivClient for Windows 6.2

Administration Guide ActivClient for Windows 6.2 Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12

More information

Deployment Guide ICA Proxy for XenApp

Deployment Guide ICA Proxy for XenApp Deployment Guide ICA Proxy for XenApp Access Gateway Enterprise Edition (NetScaler AGEE) www.citrix.com Table of Contents Introduction...3 Solution Requirements...4 Prerequisites...4 Network Diagram...5

More information

Citrix StoreFront 2.0

Citrix StoreFront 2.0 White Paper Citrix StoreFront 2.0 Citrix StoreFront 2.0 Proof of Concept Implementation Guide www.citrix.com Contents Contents... 2 Introduction... 3 Architecture... 4 Installation and Configuration...

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics Event Source Log Configuration Guide Microsoft Windows using Eventing Collection Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

HOTPin Integration Guide: DirectAccess

HOTPin Integration Guide: DirectAccess 1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference Using SSL Certificates in Web Help Desk Introduction... 1 How WHD Uses SSL... 1 Setting WHD to use HTTPS... 1 Enabling HTTPS and Initializing the Java Keystore... 1 Keys

More information

Troubleshooting smart card logon authentication on active directory

Troubleshooting smart card logon authentication on active directory Troubleshooting smart card logon authentication on active directory Version 1.0 Prepared by: "Vincent Le Toux" Date: 2014-06-11 1 Table of Contents Table of Contents Revision History Error messages The

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on... Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM This guide provides information on...... APNs Requirements Tips on Enrolling in the ios Developer Enterprise Program...

More information

Browser-based Support Console

Browser-based Support Console TECHNICAL PAPER Browser-based Support Console Mass deployment of certificate Netop develops and sells software solutions that enable swift, secure and seamless transfer of video, screens, sounds and data

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

Integrating idrac7 With Microsoft Active Directory

Integrating idrac7 With Microsoft Active Directory Integrating idrac7 With Microsoft Active Directory Whitepaper Author: Jim Slaughter This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Manual installation of agents and importing the SCOM certificate to the servers to be monitored:

More information

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED. Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information

More information

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) 12/15/2012 WALISYSTEMSINC.COM SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) Setup SSL in SharePoint 2013 In the last article (link below), you learned how to setup SSL in SharePoint 2013

More information

Installation and Configuration Guide

Installation and Configuration Guide Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark

More information

Microsoft OCS with IPC-R: SIP (M)TLS Trunking. directpacket Product Supplement

Microsoft OCS with IPC-R: SIP (M)TLS Trunking. directpacket Product Supplement Microsoft OCS with IPC-R: SIP (M)TLS Trunking directpacket Product Supplement directpacket Research www.directpacket.com 2 Contents Prepare DNS... 6 Prepare Certificate Template for MTLS... 6 1 Create

More information

Installation Guide. SafeNet Authentication Service

Installation Guide. SafeNet Authentication Service SafeNet Authentication Service Installation Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

Deploying NetScaler Gateway in ICA Proxy Mode

Deploying NetScaler Gateway in ICA Proxy Mode Deploying NetScaler Gateway in ICA Proxy Mode Deployment Guide This deployment guide defines the configuration required for using the NetScaler Gateway in ICA Proxy Mode. Table of Contents Introduction

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

App Orchestration 2.0

App Orchestration 2.0 App Orchestration 2.0 Integrated Provisioning Deployment Guide Prepared by: Nicholas Ceballos Commissioning Editor: Linda Belliveau Version: 6.0 Last Updated: December 12, 2013 Page 1 Contents Integrated

More information

How to Configure Certificate Based Authentication for WorxMail and XenMobile 10

How to Configure Certificate Based Authentication for WorxMail and XenMobile 10 How to Configure Certificate Based Authentication for WorxMail and XenMobile 10 This article describes how to configure certificate based authentication using Microsoft Certificate Services (PKI) for WorxMail

More information

VMware Identity Manager Connector Installation and Configuration

VMware Identity Manager Connector Installation and Configuration VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document

More information

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Microsoft Hyper-V Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

SSL Offload and Acceleration

SSL Offload and Acceleration SSL Offload and Acceleration 2015-04-28 17:59:09 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents SSL Offload and Acceleration... 5 SSL... 6 Configuring

More information

Citrix XenApp 6.5 and XenDesktop 5.6 Security Standards and Deployment Scenarios Supplementary scenarios

Citrix XenApp 6.5 and XenDesktop 5.6 Security Standards and Deployment Scenarios Supplementary scenarios Citrix XenApp 6.5 and XenDesktop 5.6 Security Standards and Deployment Scenarios Supplementary scenarios Overview Citrix products offer the security specialist a wide range of features for securing Citrix

More information

RoomWizard Synchronization Software Manual Installation Instructions

RoomWizard Synchronization Software Manual Installation Instructions 2 RoomWizard Synchronization Software Manual Installation Instructions Table of Contents Exchange Server Configuration... 4 RoomWizard Synchronization Software Installation and Configuration... 5 System

More information

609: Front-ending and load balancing XenDesktop and XenApp with NetScaler

609: Front-ending and load balancing XenDesktop and XenApp with NetScaler 609: Front-ending and load balancing XenDesktop and XenApp with NetScaler Hands-on Lab Exercise Guide This session is offered as both an instructor led training and a self-paced online lab. Contents Overview...

More information

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition The installation of Lync Server 2010 is a fairly task-intensive process. In this article, I will walk you through each of the tasks,

More information

Integrating idrac 7 with Microsoft Active Directory

Integrating idrac 7 with Microsoft Active Directory Integrating idrac 7 with Microsoft Active Directory Whitepaper Author: Jim Slaughter This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Copyright 2012 Trend Micro Incorporated. All rights reserved. Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

Citrix Receiver for Mobile Devices Troubleshooting Guide

Citrix Receiver for Mobile Devices Troubleshooting Guide Citrix Receiver for Mobile Devices Troubleshooting Guide www.citrix.com Contents REQUIREMENTS...3 KNOWN LIMITATIONS...3 TROUBLESHOOTING QUESTIONS TO ASK...3 TROUBLESHOOTING TOOLS...4 BASIC TROUBLESHOOTING

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Configure thin client settings locally

Configure thin client settings locally This chapter contains information to help you set up your thin client hardware, look and feel, and system settings using the Control Center. Tip While it is not recommended to use dialog boxes for configuring

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide BlackBerry Resource Kit for BlackBerry Enterprise Service 10 Version 10.2 Published: 2015-11-12 SWD-20151112124827386 Contents Overview: BlackBerry Enterprise Service

More information

Introduction to the EIS Guide

Introduction to the EIS Guide Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

More information

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide: Microsoft Active Directory Rights Management Services (AD RMS) Imprint

More information

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report Xerox Multifunction Devices Customer Tips March 15, 2007 This document applies to these Xerox products: X WC 4150 X WCP 32/40 X WCP 35/45/55 X WCP 65/75/90 X WCP 165/175 X WCP 232/238 X WCP 245/255 X WCP

More information

Table of Contents. CHAPTER 1 About This Guide... 9. CHAPTER 2 Introduction... 11. CHAPTER 3 Database Backup and Restoration... 15

Table of Contents. CHAPTER 1 About This Guide... 9. CHAPTER 2 Introduction... 11. CHAPTER 3 Database Backup and Restoration... 15 Table of Contents CHAPTER 1 About This Guide......................... 9 The Installation Guides....................................... 10 CHAPTER 2 Introduction............................ 11 Required

More information

Yubico PIV Management Tools

Yubico PIV Management Tools Yubico PIV Management Tools Active Directory Smart Card Logon using the YubiKey NEO or NEO-n Document Version 1.0 April 15, 2015 Yubico PIV Management Tools 2015 Yubico. All rights reserved. Page 1 of

More information

Web Interface with Active Directory Federation Services Support Administrator s Guide

Web Interface with Active Directory Federation Services Support Administrator s Guide Web Interface with Active Directory Federation Services Support Administrator s Guide Web Interface with Active Directory Federation Services (ADFS) Support Citrix Presentation Server 4.0 for Windows Copyright

More information

Setting Up Resources in VMware Identity Manager

Setting Up Resources in VMware Identity Manager Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

F5 Networks, Inc. F5 Recommended Practices for BIG-IP and AirWatch MDM Integration

F5 Networks, Inc. F5 Recommended Practices for BIG-IP and AirWatch MDM Integration F5 Networks, Inc. F5 Recommended Practices for BIG-IP and AirWatch MDM Integration Contents Introduction 4 Purpose 5 Requirements 6 Prerequisites 6 AirWatch 6 F5 BIG-IP 6 Network Topology 7 Big-IP Configuration

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

RSA Authentication Manager 8.1 Virtual Appliance Getting Started RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides

More information

CA NetQoS Performance Center

CA NetQoS Performance Center CA NetQoS Performance Center Install and Configure SSL for Windows Server 2008 Release 6.1 (and service packs) This Documentation, which includes embedded help systems and electronically distributed materials,

More information

DriveLock Quick Start Guide

DriveLock Quick Start Guide Be secure in less than 4 hours CenterTools Software GmbH 2012 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Shakambaree Technologies Pvt. Ltd.

Shakambaree Technologies Pvt. Ltd. Welcome to Support Express by Shakambaree Technologies Pvt. Ltd. Introduction: This document is our sincere effort to put in some regular issues faced by a Digital Signature and USB Token user doing on

More information

AVG Business SSO Connecting to Active Directory

AVG Business SSO Connecting to Active Directory AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud

More information

Installing Samsung SDS CellWe EMM cloud connectors and administrator consoles

Installing Samsung SDS CellWe EMM cloud connectors and administrator consoles Appendix 1 Installing Samsung SDS CellWe EMM cloud connectors and administrator consoles This section explains how you use the Cloud Management Suite installation wizard for the following purposes: To

More information

Citrix Access on SonicWALL SSL VPN

Citrix Access on SonicWALL SSL VPN Citrix Access on SonicWALL SSL VPN Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL SSL VPN 5.0. It also includes information about configuring

More information

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide c623242f-20f0-40fe-b5c1-8412a094fdc7 Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide Microsoft Corporation Published: June 2009 Updated: April 2010 Abstract

More information

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0 Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Installing and Configuring vcenter Support Assistant

Installing and Configuring vcenter Support Assistant Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Using Microsoft s CA Server with SonicWALL Devices

Using Microsoft s CA Server with SonicWALL Devices SonicOS Using Microsoft s CA Server with SonicWALL Devices Introduction You can use the Certificate Server that ships with Windows 2000/2003 Server to create certificates for SonicWALL devices, as well

More information

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Sharp Remote Device Manager (SRDM) Server Software Setup Guide Sharp Remote Device Manager (SRDM) Server Software Setup Guide This Guide explains how to install the software which is required in order to use Sharp Remote Device Manager (SRDM). SRDM is a web-based

More information

Secure Web Appliance. SSL Intercept

Secure Web Appliance. SSL Intercept Secure Web Appliance SSL Intercept Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About SSL Intercept... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

Aspera Connect User Guide

Aspera Connect User Guide Aspera Connect User Guide Windows XP/2003/Vista/2008/7 Browser: Firefox 2+, IE 6+ Version 2.3.1 Chapter 1 Chapter 2 Introduction Setting Up 2.1 Installation 2.2 Configure the Network Environment 2.3 Connect

More information

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1 Avaya Solution & Interoperability Test Lab Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1 Abstract These Application Notes describe the

More information

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

NETWRIX EVENT LOG MANAGER

NETWRIX EVENT LOG MANAGER NETWRIX EVENT LOG MANAGER ADMINISTRATOR S GUIDE Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

Wavecrest Certificate

Wavecrest Certificate Wavecrest InstallationGuide Wavecrest Certificate www.wavecrest.net Copyright Copyright 1996-2015, Wavecrest Computing, Inc. All rights reserved. Use of this product and this manual is subject to license.

More information

Synchronizer Installation

Synchronizer Installation Synchronizer Installation Synchronizer Installation Synchronizer Installation This document provides instructions for installing Synchronizer. Synchronizer performs all the administrative tasks for XenClient

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...

More information